Guestbooks are Spambot Magnets

October 2, 2009 by Noah
Something interesting came up as a result of changing this site's domain name to

I set to redirect all links for regular pages to their counterparts on the new site, and to preserve HTTP referrer information while it's at it (so I can continue to see which Google queries link to my site, for instance). My sites have always been programmed to ignore referring URLs that belong to the same domain (so clicking a link within the site doesn't log the referrer because it would be rather pointless to do so).

But now that the domain has changed, referring URLs from show up in's logs, and it revealed something interesting about the spam bots:

They love my guestbook page. They probably find it via search results for the word "guestbook." Spambots look for guestbooks specifically because they usually tend to contain e-mail addresses, which the bots can add to their list of victims.

My guestbook has no e-mail addresses but instead resembles a blog comment thread... but they don't know that.

Anyway, the interesting thing is, on these requests, the spam bots send the referring URL as being exactly the same as the URL they requested. So their requests look like this:

GET /guestbook.html HTTP/1.1
So ships them over to the guestbook page here on, and logs the referring URL (which is the guestbook page back on

The effective result is that's guestbook page is the #1 referring URL (also the #2 and #3 top), because of how popular that page is with the spambots.

Maybe I should set up a spam honeypot on that page and trick them into downloading an infinite number of bogus e-mail addresses that go nowhere to flood their databases with fake e-mails and waste the spammers' time...



There are 0 comments on this page. Add yours.

Add a Comment

Used for your Gravatar and optional thread subscription. Privacy policy.
You may format your message using GitHub Flavored Markdown syntax.